First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How to dissect packets whose destination IP lies within a range of IP addresses

I'm trying to only dissect packets whose destination address is within a range of IP addresses. E.g. all packets between 130.0.0.1 and 130.255.255.255. How do I take the destination IP address from the packet and compare it to the upper and lower bound of the IP addresses to be dissected?

As a prototype I've tried making a variable of type address and setting the values to what I think they should be. So type AT_IPv4, len = 4, and data pointing to an array that is 4 bytes long, with those being set to that of the destination ip address of the packets. But when I use cmp_address(&pinfo->dst, &ip)==1 it comes out as false, have tried using net_dst instead of dst and I get the same result.

JCAMP's avatar
7
JCAMP
asked 2019-01-07 16:37:41 +0000, updated 2019-01-08 12:15:12 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Are you sure you're using cmp_address() correctly? Like memcmp(), it returns 0 for a match.

cmaynard's avatar
11.1k
cmaynard
answered 2019-01-07 20:14:36 +0000
edit flag offensive 0 remove flag delete link
more

Comments

My mistake, I am now

JCAMP's avatar JCAMP (2019-01-08 10:43:18 +0000) edit
more
  • delete

So the prototype of using IPs that are equals works. But how do I compare against an upper and lower bound of IPs that the dissector would accept? So if the destination is between 130.0.0.1 and 130.255.255.255 then do some stuff.

JCAMP's avatar JCAMP (2019-01-08 10:57:53 +0000) edit
more
  • delete

As documented in address.h, cmp_address(addr1, addr2) returns 0 if they're equal, a positive number if addr1 > addr2 and a negative number if addr1 < addr2. So you can do something like:

if ((cmp_address(&pinfo->dst, &ip_lower) >= 0) && (cmp_address(&pinfo->dst, &ip_upper) <= 0)) {
    /* Accept the packet and process it */
} else {
    /* Reject the packet */
}
cmaynard's avatar cmaynard (2019-01-08 13:53:11 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer